IT Security Manager – Law Firm / Big 4 Professional Services

Salary is 160k to 175k + bonus We are seeking an experienced IT Security Manager to lead and evolve the information security program. The ideal candidate will have direct experience in a law firm or a Big 4 advisory firm, bringing deep familiarity with protecting sensitive client data and navigating compliance obligations. This is a hands-on leadership role, combining strategic oversight with active involvement in security operations.

Key Responsibilities

• Develop, implement, and maintain a comprehensive information security program that aligns with organizational goals and client confidentiality requirements.
• Establish and enforce security policies, standards, and procedures to safeguard technology assets and sensitive information.
• Continuously monitor security performance, assess risks, and provide senior leadership with actionable insights and status updates.
• Conduct risk assessments, vulnerability scans, and penetration testing to identify and mitigate cybersecurity threats.
• Lead incident response efforts, including investigation, containment, remediation, and reporting of security events.
• Serve as a mentor and technical guide to the security team, promoting professional development and adherence to security best practices.

Qualifications

• 10+ years of experience in IT and information security, with at least 4 years in a leadership role.
• Direct experience in a law firm or Big 4 professional services environment is required.
• Strong knowledge of security frameworks and regulatory standards such as NIST, ISO 27001, and HIPAA.
• Relevant certifications (CISSP, CISM, CISA, GIAC, CompTIA Security+, GISO) are highly desirable.
• Demonstrated ability to manage security initiatives, lead technical teams, and provide strategic guidance to senior stakeholders on complex security challenges.